The smart home, and thus the building systems engineering of the future, would be inconceivable without wireless technology that offers secure data transmission. Operating wireless transmitters without batteries presents additional challenges to the wireless technology used. Suitable KNX/EnOcean gateways can help by allowing installers to seamlessly integrate data-secure and simultaneously self-powered wireless sensors into a KNX system. The result is an integrated system composed of powerful building systems with secure wireless communication.

KNX is currently the most widely accepted standard for intelligent home and building systems in Europe. The bus standard controls heating, lighting, blinds, ventilation and security systems across disciplines and according to demand.

A future-oriented control concept also requires a large number of sensors that detect building states and measured values. As future building systems offer even more functionality, however, new buildings, and especially upgrades, will require an enormous amount of wiring. This makes a flexible wireless solution unavoidable.

Simple wireless solutions require batteries, which means that the maintenance effort and likelihood of failure keeps increasing along with the number of devices, which is unsustainable for professional installations. "Energy harvesting" is therefore an ideal addition to building systems engineering. The wireless sensors work without cables or batteries, using only miniaturised energy converters to obtain energy directly from the surroundings. The devices are thus completely maintenance-free and their placement is flexible. At the same time, the wireless communication is encrypted. As a result, they meet even today's secure data transmission requirements in smart homes.

Data security—the requirements vary

Unwanted data collection and system manipulation are challenges that need to be taken seriously, especially in the critical smart home mass market. In the future, it will be absolutely necessary for product providers to supply security technologies for building systems. Special attention must be given to attacks from the Internet, since this communication channel is not fixed to a specific location and thus easy to use from anywhere. Attackers can have an impact anonymously, regardless of their location. Data that should not fall into the hands of third parties or be manipulated must be encrypted through suitable means, such as PGP or device encryption software.

Wireless networks in smart homes are not generally critical, since a perpetrator must be on-site in order to launch an attack. Nevertheless, wireless locking systems must be secured against impermissible access. It should also not be possible to manipulate the building system for fun or to reveal private information such as a person's individual power consumption. Proven mechanisms for data-secure wireless communication are "rolling codes" and "AES124 encryption," which protect against replay and eavesdropping as well as telegram corruption.

Security of EnOcean wireless technology—confirmed by the Fraunhofer Institute

Both transmission security and data security play a key role in wireless communication. A radio frequency that has high channel availability guarantees transmission security. The EnOcean wireless technology uses the 868.3 MHz frequency band for this purpose, which is regulated throughout Europe. It has a data rate of 125 kbit/s. This high data rate permits very short radio telegrams, which require very little energy for transmitting data, and also significantly prevents telegram collisions. Multiple telegram transmissions establish redundancy, either by sending telegrams multiple times as a precaution (with unidirectional transmission) or by using energy-efficient "smart acknowledge" processes, depending on success. A one-time identification number of the wireless transmitter (32-bit ID), which cannot be changed or copied, also prevents duplicates. These authentication methods ensure transmission-secure communication in building automation even without rolling codes or AES 124.

Self-powered wireless technology also makes data more secure with "enhanced security." This approach adds rolling codes and AES 124 encryption to the established radio protocol. A 24-bit rolling code (RC), which is incremented with each telegram, is used as a basis for calculating a 32-bit cypher-based message authentication code (CMAC). The CMAC uses the 128-bit AES encryption algorithm. The sender encrypts the data packets by enciphering the data with a 128-bit AES algorithm.

Security is provided by the digital key code used, which is comparable to the bit of a door key. The sender and recipient exchange this key a single time, for example during setup or training. Afterward, the data is encrypted and protected against external attack.

These enhanced data security mechanisms meet the latest standards and are well established. The renowned Fraunhofer AISEC Institute has extensively rated the reliability of the mechanism used. “EnOcean offers a solid, state-of-the-art security concept, … sufficient for all metering, energy efficiency and comfort applications" (Source: Comparative Analysis of the EnOcean Security Protocol, Fraunhofer AISEC, 2014).

Energy harvesting and data security

A high data rate is important for secure data transmission, since more data has to be transmitted than with a protocol that provides only transmission security. Since EnOcean's 124-kbit/s wireless technology also significantly optimizes the telegram overhead, the EnOcean switch telegram only needs 1.2 ms for transmission, including encryption and rolling code (CMAC).

With at least a twofold telegram repetition (necessary redundancy with unidirectional transmission) and a useful 0 dBm radio transmission capacity, the energy demand of the transmitting electronics is a minimal 120 µJ. The value typically provided by the energy converter should be approximately 160 uJ in order to provide transmitter tolerances in series production. The converter efficiency alone is approximately 20%. Unavoidable additional losses occur during energy preparation (step-down converter, residual charge of the backup capacitor). The actuation energy at the converter is thus typically approximately 1.25 mJ.

Lights are dimmed and blinds controlled by pressing a switch, which requires a restoring spring. The energy generator must be actuated each time the button is pressed and also when it is released. When the button is operated, the actuating force rises to approximately 8 N over a distance of around 2 mm, the converter being actuated for the first time. When the button is released, the extended restoring spring causes the converter to be actuated again. In addition, approximately 50% of the applied actuation energy is released. Including the mechanical friction and transformation losses, a total mechanical energy of approximately 4 mJ is required for the two telegrams when the button is pressed and released. Due to the unavoidable mechanical and electrical transformation, the entire "wireless switch" system can have a total efficiency of only approximately 8%, even though the converter itself has an efficiency of around 20%.

The 8 N actuating force mentioned above with an actuating distance of 2 mm is typical for the haptics of building switches. The actuating haptics of an EnOcean wireless switch, including data encryption and full transmitter range, is thus within the customary range of an established light switch.

The efficiency of an electrodynamic energy converter cannot be increased very much within this energy range. Nor can the mechanical idiosyncrasy of the "switch" system be significantly changed. Telegrams that are longer than 1.2 ms, such as those used in EnOcean wireless technology, inevitably result in higher forces or longer actuating paths. A wireless telegram that has, for example, a much lower data rate, would have to overcome physical limits for an energy harvesting switch.

Gateway—the link between the KNX bus and data-secure energy harvesting wireless systems

Gateways are used to combine KNX with secure energy harvesting wireless systems. KNX/EnOcean gateways are typically fully integrated into the ETS. The signal strength of the received EnOcean telegrams can also be displayed and analysed. The installer can thus quickly determine whether the information from the self-powered wireless sensors reach the gateway with a sufficient signal strength. Any additional instrument for measuring the field strength would then be superfluous.

The gateways generally operate over a channel structure. They can be configured individually for different functions over the KNX bus, using the ETS software. This includes switching (on/off/changeover/encoder), dimming, blinds up/down, window contact, window handle, binary input, light sensor, motion detector as well as temperature sensor with selection options for presence sensor, setpoint generator, step switch or moisture sensor. The gateway interprets the radio telegrams of the EnOcean sensors and maps the data to KNX group objects, taking the KNX data point types into account.


A wide range of switches, sensors and actuators that support EnOcean wireless technology have been available since early 2015. Corresponding wall switches, remote controls, window contacts and actuators can be purchased wholesale. In addition, several providers plan to expand their KNX EnOcean gateways with encrypted wireless communication.

Along with security, downward compatibility is also important. Both the new EnOcean wireless transmitters and the new wireless receivers are designed to optionally send and receive the previous transmission-secure radio telegrams as well as the new telegrams with additional data security. A KNX gateway that decodes encrypted telegrams can also continue to process standard telegrams.